THE SQL Server Blog Spot on the Web


Kevin Kline

DBTA - Russian Hackers Steal 1.2b Internet Credentials: Or, Why the Heck Does this Keep Happening?!

I'm decidedly old-school in a few of my habits. My morning routine, barring anything out of the ordinary, is one such example. Typically, I'll get up between 6:30 and 7:00 am, grab my first cup of coffee, and then chat with my daughters for a few minutes before seeing them off to school. Next, I make a bowl of oatmeal (a great choice for diabetics like me), pour a second cup of coffee, and browse the local paper, The Tennessean, while I have breakfast. On the morning of August 5, I had the added pleasure of spewing said coffee and oatmeal all over my morning paper when I read the headlines: Russian gang stole 1.2 billion Net passwords.

Scanning the article, midway through the details, I saw that the hackers used good ol’-fashioned SQL injection attacks. They targeted approximately 450,000 websites, from small mom-and-pop shops to the very largest company websites. A bit later, I read more online in The New York Times article, where the story first broke.

Their efforts brought in 4.5 billion records in total, each one containing a user name and password, resulting in 1.2 billion unique accounts. And of those unique accounts, a little data processing found that there were about 542 million unique email addresses, since many people use the same user name and password on multiple accounts.

Read the rest of this article at http://www.dbta.com/Columns/SQL-Server-Drill-Down/Russian-Hackers-Steal-12b-Internet-Credentials-Or-Why-the-Heck-Does-this-Keep-Happening!-99182.aspx

Published Wednesday, July 1, 2015 8:00 AM by KKline


Comments

 

jerome said:

Well... the developers still use the worst method: they store a password in a database. And most of them store the PWD in clear text!!! Today there is no reason to store any account in a database. Everybody should use an AD or/and an SSO method. I have never used an SQL database to store my user accounts. Teachers in university, IT architects and other IT managers must train the developers correctly (or must define good best practices) to avoid these issues. Else a developer will choose the most simple path, and so the most unsecured one.

July 1, 2015 9:08 AM
 

KKline said:

Well said, Jerome!

July 2, 2015 8:44 AM
 

Wayne said:

It's unfair to stick this to the developers - this debacle belongs to the managers and the "C-suite", not the developers. Until they are willing to commit the finances and resources to do the job right (developer training, code review, testing, etc.), it will never be done right. Until a company can no longer buy insurance for these security issues, they won't have the incentive to do so... after all, it's cheaper to buy insurance than to do these other, responsible things.

IMO, this will never be done properly... not until the managers face mandatory jail time will the managers have the incentive to get the job done right.

Yes, developers need to learn how to do things the right way also. However, it is the managers' job to ensure that the developer has been properly trained.

July 5, 2015 9:06 PM
 



About KKline

Kevin Kline is a well-known database industry expert, author, and speaker. Kevin is a long-time Microsoft MVP and was one of the founders of PASS, www.sqlpass.org.
